EM-DISPLAY-SPOOFInitial Access

Display-Name Spoofing

Mail client shows only the display name in mobile views; set 'CEO Name <attacker@gmail.com>' — most users tap reply without seeing the address.

§ Where this technique fits

EM-DISPLAY-SPOOF is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

Permissive SPF / DMARC p=none → CEO impersonation BEC
Target publishes SPF ~all and DMARC p=none. Send mail from attacker IP with a forged From: <ceo@target.com>; gateway delivers as-is. Combine with display-name spoof for a credible BEC.
step 5 / 7

§ What commonly comes next

01
Phishing
T1566 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Permissive SPF / DMARC p=none → CEO impersonation BEC

§ What commonly comes next